/**
 * Project Name:kany-project-blog-web
 * File Name:UserLoginFilter.java
 * Package Name:me.kany.project.blog.appinit.filter.userlogin
 * Date:2016年9月23日上午9:53:52
 * Copyright (c) 2016, Jason.Wang All Rights Reserved.
 */
package me.kany.project.blog.appinit.filter.userlogin;

import java.io.IOException;
import java.util.regex.Pattern;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang3.StringUtils;

/**
 * ClassName:UserLoginFilter<br/>
 * Function: 用户权限拦截<br/>
 * Date:2016年9月23日上午9:53:52<br/>
 * 
 * @author Jason.Wang
 * @version 1.0
 * @since JDK1.7
 * @see
 */
public class UserLoginFilter  implements Filter {
	
	/** 要检查的 session 的名称 */
    private String sessionKey;
     
    /** 需要排除（不拦截）的URL的正则表达式 */
    private Pattern excepUrlPattern;
     
    /** 检查不通过时，转发的URL */
    private String forwardUrl;
    
	/*
	 * (non-Javadoc)
	 * 
	 * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
	 */
	@Override
	public void init(FilterConfig filterConfig) throws ServletException {
		sessionKey = filterConfig.getInitParameter("sessionKey");
        String excepUrlRegex = filterConfig.getInitParameter("excepUrlRegex");
        if (!StringUtils.isBlank(excepUrlRegex)) {
            excepUrlPattern = Pattern.compile(excepUrlRegex);
        }
        forwardUrl = filterConfig.getInitParameter("forwardUrl");
	}

	/*
	 * (non-Javadoc)
	 * 
	 * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
	 */
	@Override
	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
		HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String servletPath = request.getServletPath();
		// 如果 sessionKey 为空，则直接放行
        if (StringUtils.isBlank(sessionKey)) {
            chain.doFilter(req, res);
            return;
        }
		
        
        
        // 如果请求的路径与forwardUrl相同，或请求的路径是排除的URL时，则直接放行
        if (servletPath.equals(forwardUrl) || excepUrlPattern.matcher(servletPath).matches()) {
            chain.doFilter(req, res);
            return;
        }
        
        Object sessionObj = request.getSession().getAttribute(sessionKey);
        // 如果Session为空，则跳转到指定页面
        if (sessionObj == null) {
            String contextPath = request.getContextPath();
            // String redirect = servletPath + "?" + StringUtils.defaultString(request.getQueryString());
            /*
             * login.jsp 的 <form> 表单中新增一个隐藏表单域：
             * <input type="hidden" name="redirect" value="${param.redirect }">
             * 
             *  LoginServlet.java 的 service 的方法中新增如下代码：
             *  String redirect = request.getParamter("redirect");
             *  if(loginSuccess){
             *      if(redirect == null || redirect.length() == 0){
             *          // 跳转到项目主页（home.jsp）
             *      }else{
             *          // 跳转到登录前访问的页面（java.net.URLDecoder.decode(s, "UTF-8")）
             *      }
             *  } 
             */
            response.sendRedirect(contextPath + StringUtils.defaultIfEmpty(forwardUrl, "/"));
            // response.sendRedirect(contextPath + StringUtils.defaultIfEmpty(forwardUrl, "/")+ "?redirect=" + URLEncoder.encode(redirect, "UTF-8"));
        } else {
//        	Pattern manageRole = Pattern.compile("/userinfo");
//        	if(manageRole.matcher(servletPath).matches()){
//        		if(true == Boolean.parseBoolean(request.getSession().getAttribute("session_sys_role").toString())){
//        			chain.doFilter(req, res);
//        		}else{
//        			response.sendRedirect("courseware");
//        		}
//        	}else{        		
        		chain.doFilter(req, res);
//        	}
        }
	}

	/*
	 * (non-Javadoc)
	 * 
	 * @see javax.servlet.Filter#destroy()
	 */
	@Override
	public void destroy() {
	}

}
